LAB: Configure End to End VPC Endpoint Service


Set up an end-to-end connection between two VPCs (service provider and customer) using a VPC Endpoint service. In this lab, we create a service provider VPC with a public subnet that contains a Network Load Balancer and an EC2 instance serving a sample web page, and then create a VPC Endpoint service for the Network Load Balancer.

On the customer side, we create a customer VPC with a public subnet, create a VPC Endpoint, and test connectivity from an EC2 instance.

Topology:

Refer to the topology below to configure the end-to-end VPC Endpoint service.

Task:

  • Create a service provider VPC Dclessons-SP-Network with CIDR: 20.0.0.0/16
  • Create and attach an Internet Gateway Dclessons-SP-IGW to VPC Dclessons-SP-Network.
  • Create a Public subnet Dclessons-SP-Public-Subnet (20.0.1.0/24)
  • Create a Public Route Table and associate it with the subnet.
  • Add the public Route 0.0.0.0/0 to IGW in the Route table in Dclessons-SP-Public-RT.
  • Create an EC2 Instance in subnet Dclessons-SP-Public-Subnet.
  • Create a Network Load Balancer Dclessons-SP-LB in SP VPC.
  • Create an Endpoint service Dclessons-SP-VPC-EP-Service.
  • Create a customer VPC Dclessons-Customer-VPC01 with CIDR: 10.0.0.0/16.
  • Create and attach an Internet Gateway Dclessons-Customer-IGW to VPC Dclessons-Customer-VPC01.
  • Create a Public subnet Dclessons-Customer-Public-Subnet (10.0.1.0/24) and Create a Public Route Table Dclessons-Customer-Public-RT and associate it with the subnet.
  • Add the public Route 0.0.0.0/0 with target Dclessons-Customer-IGW in the Route table Dclessons-Customer-Public-RT.
  • Create an EC2 Instance Dclessons-Customer-EC2.
  • Create a VPC Endpoint and connect between Customer and Service Provider VPC.
  • Test the connectivity.

Solution:

Create VPC

Go to AWS Services | VPC | Create VPC | Under VPC Setting Name: Dclessons-SP-Network with CIDR: 20.0.0.0/16 | Click Create VPC

Select Internet Gateway | Create Internet Gateway | Name: Dclessons-SP-IGW | Click Create Internet Gateway

Now attach this IGW to the SP VPC, as shown below.

Configure SP Subnet

Go to Subnet | Under Create Subnet: Select VPC: Dclessons-SP-Network | Subnet Name: Dclessons-SP-Public-Subnet | AZ: Ohio/us-east-2a with IPv4 CIDR: 20.0.1.0/24

Create Route Table for SP Public Subnet:

Go to Route table | under create Route Table Name: Dclessons-SP-Public-RT | VPC Name: Dclessons-SP-Network | Click Create Route Table

Under Route table: Dclessons-SP-Public-RT, select Subnet Association | Click Edit Subnet Association:

Select Dclessons-SP-Public-Subnet 20.0.1.0/24 and save

Select Route Tab | Edit Routes | and add 0.0.0.0/0 with target IGW

Configure EC2 instance in SP network:

Launch an Amazon Linux AMI on a t2.micro instance; refer to the figure below for the configuration. Under Advanced Settings | User data field, provide the following code:

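#!/bin/bash
# User data runs as root at first boot, so no sudo is needed.
# Update packages and install the Apache web server.
yum update -y
yum install httpd -y
# Start Apache now and enable it on every boot.
systemctl start httpd
systemctl enable httpd
# Publish the sample page that the load balancer will serve.
echo "Welcome to DCLESSONS Webserver 1" >> /var/www/html/index.html
systemctl restart httpd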

In the Security Group section | Click to create a new Security Group and allow all ports and protocols, as shown in the figure below | Click Review and Launch

Under key pair section | Select Create a new Key pair | Name: Webserver | Click Download Key pair and Click Launch Instances.

Configure Load balancer

Under VPC | Click on the Load Balancer section | Click to create a Network Load Balancer | Under Basic Configuration: Name: Dclessons-SP-LB | Scheme: Internet-facing | IP address: IPv4 | Select VPC: Dclessons-SP-Network | Mapping: us-east-2a with subnet: Dclessons-SP-Public-Subnet and IPv4 address: assigned by AWS.

Now under Listeners and Routing | Select protocol: TCP with port 80 and click Create Target Group

Under Target Group | Name: Dclessons-SP-LB-TG | Select protocol: TCP and Port: 80 and in Listeners section select target group Dclessons-SP-LB-TG

In Health Check Section | Select health Check protocols: TCP and in Specify Group Details option: Select Instances.

Click Next to go to Register Target Section: Under Register Target, Select Dclessons-Webserver1 Instance | Select: Include as pending below | Click to Create target group.

Click Create Load balancer

Once the LB is created, you can see that a DNS name (A record) has been assigned to it.
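The security group step above opens every port and protocol, while the NLB listener, target group and health check in this lab use only TCP 80. As an added example (not part of the original lab), this Python check reads JSON in the shape of `aws ec2 describe-security-groups` output and flags rules wider than that; the sample JSON, group IDs and names, and the 20.0.1.0/24 source range are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups`; IDs and names are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-PLACEHOLDER-1", "GroupName": "lab-allow-all", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-PLACEHOLDER-2", "GroupName": "lab-web-only", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "20.0.1.0/24"}], "Ipv6Ranges": []}]}
]}
""")

NEEDED = [("tcp", 80)]  # the lab's NLB listener, target group and health check use TCP 80


def sources(perm):
    """All IPv4 and IPv6 source CIDRs of one ingress rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def admits(perm, proto, port):
    """True if the rule lets the given protocol and port through."""
    if perm["IpProtocol"] == "-1":  # -1 = every protocol and port
        return True
    return perm["IpProtocol"] == proto and perm["FromPort"] <= port <= perm["ToPort"]


def audit(group, needed=NEEDED):
    """Return a sorted list of findings for one security group."""
    findings, perms = set(), group.get("IpPermissions", [])
    for perm in perms:
        exact = perm.get("FromPort") == perm.get("ToPort")
        if perm["IpProtocol"] == "-1":
            findings.add("all-protocols")
        elif not exact or (perm["IpProtocol"], perm.get("FromPort")) not in needed:
            findings.add("extra-ports")
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in sources(perm)):
            findings.add("open-to-world")
    for proto, port in needed:
        if not any(admits(p, proto, port) for p in perms):
            findings.add(f"missing-{proto}/{port}")
    return sorted(findings)


def report(doc=SAMPLE):
    return {g["GroupName"]: audit(g) for g in doc["SecurityGroups"]}
```

To audit a real group, pass the parsed output of `aws ec2 describe-security-groups` to `report()` in place of the sample.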

